Find the answer to your Linux question:
Results 1 to 3 of 3
Hello, I set-up a Squid proxy server using Kerberos. The server works great for users within our domain as they are already authenticated with Kerberos, but when users outside the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2009
    Posts
    2

    Squid & Kerberos: how do I get a password prompt


    Hello,

    I set-up a Squid proxy server using Kerberos. The server works great for users within our domain as they are already authenticated with Kerberos, but when users outside the domain try to connected, they get an error message. Obviously, this is the intended function of Kerberos...but rather than just flat-out deny users who aren't authenticated with an error message, I'd like Squid to ask for a password and username--is this possible, and how do I go about doing it?

    I have made the following modifications to my squid.conf file to get Kerberos to work (as well as include the keytab file in the start-up script):

    auth_param negotiate program /usr/local/squid/libexec/squid_kerb_auth -d
    auth_param negotiate children 10
    auth_param negotiate keep_alive on

    acl auth proxy_auth REQUIRED
    http_access allow auth
    http_access deny all

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Squid kerberos authentication and ldap authorization in Active Directory Klaubert's Blog

    there is a kerberos and basic auth method. probably need to tailer the basic auth to what you need, but it gives you the jist.

  3. #3
    Just Joined!
    Join Date
    Dec 2009
    Posts
    2
    You have to use basic authentication (NCSA).I did it first,and after that I did the Active Directory authentication.The basic authentication goes like this:
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid-Proxy Server
    auth_param basic credentialsttl 7 hours
    auth_param basic casesensitive off


    /etc/squid/passwd is the password hash file created like the hash for Apache authentication.When user access proxy,a pop-up window appears for username/password.You make up the acl and http_acces,et voila!
    It is nice that you did Kerberos authentication,one day I will ask you for more details.....

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •